766906 – Invalid Credentials when registering system via cli

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 766906 - Invalid Credentials when registering system via cli

Summary: Invalid Credentials when registering system via cli

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	katello-agent
Sub Component:
Version:	6.0.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	Unspecified
Assignee:	Ivan Necas
QA Contact:	Katello QA List
Docs Contact:
URL:
Whiteboard:
Depends On:	754934 757775 767989
Blocks:	katello-blockers
TreeView+	depends on / blocked

Reported:	2011-12-12 19:20 UTC by Og Maciel
Modified:	2019-09-26 13:26 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	768390 (view as bug list)
Environment:
Last Closed:	2012-08-22 18:12:57 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Og Maciel 2011-12-12 19:20:58 UTC

Description of problem:

Registering a system as a user other than the default admin user fails with an "Invalid credentials" (and a 401 error on katello log) message.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Created a Bloomberg user and assigned him the administrator role and the Base (Locker > Base) environment for my NY Data Center environment
2. Booted a vanilla RHEL 6.1 system and followed the instructions to edit rhsm.conf and adding candlepin's certificate to it (see https://fedorahosted.org/katello/wiki/GuideSystemRegistrationClient)
3. Through the web UI, I proceeded to add this system as a new system
4. SSHed into the client and tried to perform the registration process using subscription-manager
  
Actual results:

The output of registration-manager register --force --username=Bloomberg --password=***** was: Invalid credentials

Expected results:


Additional info:

katelloschema=> select * from users where username = 'Bloomberg';

4 | Bloomberg | ad03c6df04cdb2a789ee6db08c9668f3fc9abe87b594a846b6e22e865bbe9aa1bb837b9b85b4dd0ace1c690f0d2be57b6edff262914cfd948ae4cbe8d0122aa0oZxY2HQQk3QzD67dmBg2tK
kQOHKDahI4DT1oWP6M8RIXqQrnehocYLHMrEEguMpt | t                | 2011-12-08 16:28:27.945881 | 2011-12-12 18:28:57.032247 |           6 |        25 | f        | <EMAIL>
|                      |

katelloschema=> select * from roles_users where user_id = 4;
 role_id | user_id 
---------+---------
       6 |       4
       1 |       4

katelloschema=> select * from roles where id in (1, 6);
 id |              name              |         created_at         |         updated_at         |             description              
----+--------------------------------+----------------------------+----------------------------+--------------------------------------
  1 | Administrator                  | 2011-12-07 19:07:23.650532 | 2011-12-07 19:07:23.650532 | Super administrator with all access.
  6 | Bloomberg_aF9yvJIo441CSYU9XHN7 | 2011-12-08 16:28:27.934124 | 2011-12-08 16:28:27.934124 | 

katelloschema=> select * from systems;
 id |                 uuid                 |      name      |         description         | location | environment_id |         created_at         |         updated_at 
        | system_template_id 
----+--------------------------------------+----------------+-----------------------------+----------+----------------+----------------------------+--------------------
--------+--------------------
  1 | c44d088b-7c40-4b62-8261-9cc840d4d737 | rhel6-client-1 | Initial Registration Params | None     |              7 | 2011-12-08 19:45:30.425396 | 2011-12-08 19:45:30
.425396 |

Comment 1 Og Maciel 2011-12-12 19:24:27 UTC

katello's log:

Started GET "/katello//api/consumers/c44d088b-7c40-4b62-8261-9cc840d4d737" for 10.16.120.146 at Mon Dec 12 13:55:32 -0500 2011
  Processing by Api::SystemsController#show as JSON
  Parameters: {"id"=>"c44d088b-7c40-4b62-8261-9cc840d4d737", "_json"=>nil}
Completed   in 5ms
  Processing by FailedAuthenticationController#unauthenticated_api as JSON
  Parameters: {"auth_username"=>"Bloomberg", "id"=>"c44d088b-7c40-4b62-8261-9cc840d4d737", "auth_password"=>"[FILTERED]", "_json"=>nil}
Request is unauthenticated_api for 127.0.0.1
Completed 401 Unauthorized in 1ms (Views: 0.5ms | ActiveRecord: 0.4ms)

Comment 2 Og Maciel 2011-12-12 19:36:44 UTC

Started POST "/katello//api/consumers/" for 10.16.120.146 at Mon Dec 12 14:34:58 -0500 2011
  Processing by Api::SystemsController#create as JSON
  Parameters: {"facts"=>{"dmi.bios.relase_date"=>"01/01/2007", "net.interface.lo.ipaddr"=>"127.0.0.1", "network.hostname"=>"client-og-1.usersys.redhat.com", "cpu.hypervisor_vendor"=>"KVM", "system.entitlements_valid"=>false, "dmi.memory.type"=>"RAM", "dmi.bios.address"=>"0xe8000", "net.interface.eth2.broadcast"=>"10.16.120.255", "dmi.bios.runtime_size"=>"96 KB", "distribution.id"=>"Santiago", "dmi.memory.maximum_capacity"=>"3 GB", "dmi.chassis.asset_tag"=>"Not Specified", "dmi.memory.bank_locator"=>"Not Specified", "cpu.virtualization_type"=>"full", "dmi.system.wake-up_type"=>"Power Switch", "dmi.chassis.boot-up_state"=>"Safe", "distribution.name"=>"Red Hat Enterprise Linux Server", "cpu.thread(s)_per_core"=>"1", "dmi.chassis.manufacturer"=>"Red Hat", "dmi.bios.bios_revision"=>"1.0", "dmi.chassis.version"=>"Not Specified", "distribution.version"=>"6.1", "uname.version"=>"#1 SMP Tue May 10 15:42:40 EDT 2011", "net.interface.lo.hwaddr"=>"00:00:00:00:00:00", "dmi.memory.error_correction_type"=>"Multi-bit ECC", "dmi.bios.vendor"=>"Seabios", "dmi.memory.locator"=>"DIMM 0", "dmi.system.manufacturer"=>"Red Hat", "net.interface.eth2.hwaddr"=>"52:54:00:fc:ba:e4", "dmi.chassis.serial_number"=>"Not Specified", "dmi.bios.rom_size"=>"64 KB", "cpu.stepping"=>"3", "uname.release"=>"2.6.32-131.0.15.el6.x86_64", "dmi.system.uuid"=>"cde1a796-c280-08fe-fd33-083cca9c8db7", "dmi.memory.array_handle"=>"0x1000", "cpu.cpu_op-mode(s)"=>"32-bit, 64-bit", "dmi.memory.data_width"=>"64 bit", "memory.swaptotal"=>"4128760", "net.interface.lo.broadcast"=>"0.0.0.0", "dmi.chassis.lock"=>"Not Present", "cpu.cpu_mhz"=>"2133.266", "dmi.memory.speed"=>"  (ns)", "net.interface.eth2.ipaddr"=>"10.16.120.146", "uname.machine"=>"x86_64", "dmi.memory.form_factor"=>"DIMM", "dmi.memory.total_width"=>"64 bit", "cpu.l1d_cache"=>"32K", "virt.is_guest"=>true, "cpu.cpu(s)"=>"2", "net.interface.lo.netmask"=>"255.0.0.0", "dmi.memory.error_information_handle"=>"Not Provided", "net.interface.eth2.netmask"=>"255.255.255.0", "cpu.architecture"=>"x86_64", "cpu.vendor_id"=>"GenuineIntel", "dmi.processor.upgrade"=>"Other", "dmi.system.sku_number"=>"Not Specified", "cpu.bogomips"=>"4266.53", "dmi.memory.location"=>"Other", "dmi.chassis.thermal_state"=>"Safe", "cpu.l2_cache"=>"4096K", "dmi.system.serial_number"=>"Not Specified", "cpu.cpu_socket(s)"=>"2", "dmi.processor.voltage"=>" ", "uname.sysname"=>"Linux", "dmi.system.family"=>"Red Hat Enterprise Linux", "cpu.model"=>"13", "uname.nodename"=>"client-og-1.usersys.redhat.com", "dmi.processor.version"=>"Not Specified", "dmi.chassis.power_supply_state"=>"Safe", "dmi.memory.use"=>"System Memory", "dmi.system.version"=>"RHEL 6.1.0 PC", "memory.memtotal"=>"3090056", "cpu.on-line_cpu(s)_list"=>"0,1", "dmi.system.status"=>"No errors detected", "dmi.bios.version"=>"0.5.1", "cpu.numa_node(s)"=>"1", "dmi.chassis.security_status"=>"Unknown", "virt.host_type"=>"kvm", "cpu.l1i_cache"=>"32K", "dmi.system.product_name"=>"KVM", "dmi.chassis.type"=>"Other", "dmi.processor.type"=>"Central Processor", "dmi.processor.socket_designation"=>"CPU 1", "cpu.byte_order"=>"Little Endian", "dmi.processor.status"=>"Populated:Enabled", "cpu.numa_node0_cpu(s)"=>"0,1", "cpu.core(s)_per_socket"=>"1", "dmi.memory.size"=>"3072 MB", "network.ipaddr"=>"127.0.0.1", "dmi.processor.family"=>"Other", "cpu.cpu_family"=>"6"}, "name"=>"client-og-1.usersys.redhat.com", "type"=>"system"}
Completed   in 5ms
  Processing by FailedAuthenticationController#unauthenticated_api as JSON
  Parameters: {"facts"=>{"dmi.bios.relase_date"=>"01/01/2007", "net.interface.lo.ipaddr"=>"127.0.0.1", "network.hostname"=>"client-og-1.usersys.redhat.com", "cpu.hypervisor_vendor"=>"KVM", "system.entitlements_valid"=>false, "dmi.memory.type"=>"RAM", "dmi.bios.address"=>"0xe8000", "net.interface.eth2.broadcast"=>"10.16.120.255", "dmi.bios.runtime_size"=>"96 KB", "distribution.id"=>"Santiago", "dmi.memory.maximum_capacity"=>"3 GB", "dmi.chassis.asset_tag"=>"Not Specified", "dmi.memory.bank_locator"=>"Not Specified", "cpu.virtualization_type"=>"full", "dmi.system.wake-up_type"=>"Power Switch", "dmi.chassis.boot-up_state"=>"Safe", "distribution.name"=>"Red Hat Enterprise Linux Server", "cpu.thread(s)_per_core"=>"1", "dmi.chassis.manufacturer"=>"Red Hat", "dmi.bios.bios_revision"=>"1.0", "dmi.chassis.version"=>"Not Specified", "distribution.version"=>"6.1", "uname.version"=>"#1 SMP Tue May 10 15:42:40 EDT 2011", "net.interface.lo.hwaddr"=>"00:00:00:00:00:00", "dmi.memory.error_correction_type"=>"Multi-bit ECC", "dmi.bios.vendor"=>"Seabios", "dmi.memory.locator"=>"DIMM 0", "dmi.system.manufacturer"=>"Red Hat", "net.interface.eth2.hwaddr"=>"52:54:00:fc:ba:e4", "dmi.chassis.serial_number"=>"Not Specified", "dmi.bios.rom_size"=>"64 KB", "cpu.stepping"=>"3", "uname.release"=>"2.6.32-131.0.15.el6.x86_64", "dmi.system.uuid"=>"cde1a796-c280-08fe-fd33-083cca9c8db7", "dmi.memory.array_handle"=>"0x1000", "cpu.cpu_op-mode(s)"=>"32-bit, 64-bit", "dmi.memory.data_width"=>"64 bit", "memory.swaptotal"=>"4128760", "net.interface.lo.broadcast"=>"0.0.0.0", "dmi.chassis.lock"=>"Not Present", "cpu.cpu_mhz"=>"2133.266", "dmi.memory.speed"=>"  (ns)", "net.interface.eth2.ipaddr"=>"10.16.120.146", "uname.machine"=>"x86_64", "dmi.memory.form_factor"=>"DIMM", "dmi.memory.total_width"=>"64 bit", "cpu.l1d_cache"=>"32K", "virt.is_guest"=>true, "cpu.cpu(s)"=>"2", "net.interface.lo.netmask"=>"255.0.0.0", "dmi.memory.error_information_handle"=>"Not Provided", "net.interface.eth2.netmask"=>"255.255.255.0", "cpu.architecture"=>"x86_64", "cpu.vendor_id"=>"GenuineIntel", "dmi.processor.upgrade"=>"Other", "dmi.system.sku_number"=>"Not Specified", "cpu.bogomips"=>"4266.53", "dmi.memory.location"=>"Other", "dmi.chassis.thermal_state"=>"Safe", "cpu.l2_cache"=>"4096K", "dmi.system.serial_number"=>"Not Specified", "cpu.cpu_socket(s)"=>"2", "dmi.processor.voltage"=>" ", "uname.sysname"=>"Linux", "dmi.system.family"=>"Red Hat Enterprise Linux", "cpu.model"=>"13", "uname.nodename"=>"client-og-1.usersys.redhat.com", "dmi.processor.version"=>"Not Specified", "dmi.chassis.power_supply_state"=>"Safe", "dmi.memory.use"=>"System Memory", "dmi.system.version"=>"RHEL 6.1.0 PC", "memory.memtotal"=>"3090056", "cpu.on-line_cpu(s)_list"=>"0,1", "dmi.system.status"=>"No errors detected", "dmi.bios.version"=>"0.5.1", "cpu.numa_node(s)"=>"1", "dmi.chassis.security_status"=>"Unknown", "virt.host_type"=>"kvm", "cpu.l1i_cache"=>"32K", "dmi.system.product_name"=>"KVM", "dmi.chassis.type"=>"Other", "dmi.processor.type"=>"Central Processor", "dmi.processor.socket_designation"=>"CPU 1", "cpu.byte_order"=>"Little Endian", "dmi.processor.status"=>"Populated:Enabled", "cpu.numa_node0_cpu(s)"=>"0,1", "cpu.core(s)_per_socket"=>"1", "dmi.memory.size"=>"3072 MB", "network.ipaddr"=>"127.0.0.1", "dmi.processor.family"=>"Other", "cpu.cpu_family"=>"6"}, "name"=>"client-og-1.usersys.redhat.com", "auth_username"=>"Bloomberg", "type"=>"system", "auth_password"=>"[FILTERED]"}
Request is unauthenticated_api for 127.0.0.1
Completed 401 Unauthorized in 1ms (Views: 0.4ms | ActiveRecord: 0.7ms)


Started GET "/katello//notices/get_new?_=1323718502165" for 10.11.231.56 at Mon Dec 12 14:35:05 -0500 2011
  Processing by NoticesController#get_new as JSON
  Parameters: {"_"=>"1323718502165"}
Completed 200 OK in 8ms (Views: 0.5ms | ActiveRecord: 1.5ms)

Comment 3 Lukas Zapletal 2011-12-15 08:52:05 UTC

We will be working on complete audit of all API permissions.

Comment 5 Tom McKay 2011-12-16 14:25:52 UTC

A read-only user can register a system (POST /api/consumers) but it then fails on saving packages (PUT /api/consumers/$id/packages).

Comment 6 Lukas Zapletal 2012-01-20 12:56:35 UTC

@Og:

[root@ofed ~]# subscription-manager register --username user --password useruser --org ACME_Corporation --env env --force
The system with UUID 3b384ad5-1ff2-4aac-8fbd-663d006f353d has been unregistered
The system has been registered with id: 7b14ac3e-ba12-4280-9194-f02c44819cfb 

[root@ofed ~]# rpm -q katello
katello-0.1.187-1.git.1.2d46557.el6.noarch

^^^ fixed in this version

@Tom:

This has also been fixed today. The same version should work too.

Comment 7 Mike McCune 2012-01-23 20:16:41 UTC

Lukas,  I was working with Og to try and reproduce this issue and we hit a  confusion situation.  His user as outlined above fails to register repeatedly with "invalid credentials":


[root@dhcp77-156 ca]# subscription-manager register --force --username=Bloomberg --password=****
Invalid credentials


but I created a duplicate user with the same default Org and Environment and registration worked fine:

[root@dhcp77-156 ca]# subscription-manager register --force --username=mmccune --password=password
[root@dhcp77-156 ca]# 

we couldn't see anything different about the 2 users and I'm not sure why one account works and the other doesn't.

Comment 9 Og Maciel 2012-01-23 20:20:38 UTC

The only difference we finally managed to find out what the version of subscription-manager installed in the client. For Mike, subscription-manager-0.96.17-1.el6.x86_64 worked. But for me, subscription-manager-0.95.11-1.el6.x86_64, did not.

Comment 11 Og Maciel 2012-01-24 17:58:45 UTC

Verbose log:


Setting current user thread-local variable to nil
Completed 200 OK in 50ms (Views: 1.7ms | ActiveRecord: 111.2ms)
  SQL (0.5ms)  SHOW client_min_messages
  SQL (0.1ms)  SET client_min_messages TO 'panic'
  SQL (0.2ms)  SET standard_conforming_strings = on
  SQL (0.1ms)  SET client_min_messages TO 'notice'
  SQL (0.8ms)  SET time zone 'UTC'
  SQL (0.1ms)  SHOW TIME ZONE
  PK and serial sequence (9.7ms)   SELECT attr.attname, seq.relname
 FROM pg_class seq,
 pg_attribute attr,
 pg_depend dep,
 pg_namespace name,
 pg_constraint cons
 WHERE seq.oid = dep.objid
 AND seq.relkind = 'S'
 AND attr.attrelid = dep.refobjid
 AND attr.attnum = dep.refobjsubid
 AND attr.attrelid = cons.conrelid
 AND attr.attnum = cons.conkey[1]
 AND cons.contype = 'p'
 AND dep.refobjid = '"changesets_products"'::regclass

  PK and custom sequence (10.2ms)   SELECT attr.attname,
 CASE
 WHEN split_part(def.adsrc, '''', 2) ~ '.' THEN
 substr(split_part(def.adsrc, '''', 2),
 strpos(split_part(def.adsrc, '''', 2), '.')+1)
 ELSE split_part(def.adsrc, '''', 2)
 END
 FROM pg_class t
 JOIN pg_attribute attr ON (t.oid = attrelid)
 JOIN pg_attrdef def ON (adrelid = attrelid AND adnum = attnum)
 JOIN pg_constraint cons ON (conrelid = adrelid AND adnum = conkey[1])
 WHERE t.oid = '"changesets_products"'::regclass
 AND cons.contype = 'p'
 AND def.adsrc ~* 'nextval'
  PK and serial sequence (5.5ms)   SELECT attr.attname, seq.relname
 FROM pg_class seq,
 pg_attribute attr,
 pg_depend dep,
 pg_namespace name,
 pg_constraint cons
 WHERE seq.oid = dep.objid
 AND seq.relkind = 'S'
 AND attr.attrelid = dep.refobjid
 AND attr.attnum = dep.refobjsubid
 AND attr.attrelid = cons.conrelid
 AND attr.attnum = cons.conkey[1]
 AND cons.contype = 'p'
 AND dep.refobjid = '"changesets_system_templates"'::regclass

  PK and custom sequence (1.7ms)   SELECT attr.attname,
 CASE
 WHEN split_part(def.adsrc, '''', 2) ~ '.' THEN
 substr(split_part(def.adsrc, '''', 2),
 strpos(split_part(def.adsrc, '''', 2), '.')+1)
 ELSE split_part(def.adsrc, '''', 2)
 END
 FROM pg_class t
 JOIN pg_attribute attr ON (t.oid = attrelid)
 JOIN pg_attrdef def ON (adrelid = attrelid AND adnum = attnum)
 JOIN pg_constraint cons ON (conrelid = adrelid AND adnum = conkey[1])
 WHERE t.oid = '"changesets_system_templates"'::regclass
 AND cons.contype = 'p'
 AND def.adsrc ~* 'nextval'
  PK and serial sequence (5.8ms)   SELECT attr.attname, seq.relname
 FROM pg_class seq,
 pg_attribute attr,
 pg_depend dep,
 pg_namespace name,
 pg_constraint cons
 WHERE seq.oid = dep.objid
 AND seq.relkind = 'S'
 AND attr.attrelid = dep.refobjid
 AND attr.attnum = dep.refobjsubid
 AND attr.attrelid = cons.conrelid
 AND attr.attnum = cons.conkey[1]
 AND cons.contype = 'p'
 AND dep.refobjid = '"changesets_repositories"'::regclass

  PK and custom sequence (1.6ms)   SELECT attr.attname,
 CASE
 WHEN split_part(def.adsrc, '''', 2) ~ '.' THEN
 substr(split_part(def.adsrc, '''', 2),
 strpos(split_part(def.adsrc, '''', 2), '.')+1)
 ELSE split_part(def.adsrc, '''', 2)
 END
 FROM pg_class t
 JOIN pg_attribute attr ON (t.oid = attrelid)
 JOIN pg_attrdef def ON (adrelid = attrelid AND adnum = attnum)
 JOIN pg_constraint cons ON (conrelid = adrelid AND adnum = conkey[1])
 WHERE t.oid = '"changesets_repositories"'::regclass
 AND cons.contype = 'p'
 AND def.adsrc ~* 'nextval'
  PK and serial sequence (5.3ms)   SELECT attr.attname, seq.relname
 FROM pg_class seq,
 pg_attribute attr,
 pg_depend dep,
 pg_namespace name,
 pg_constraint cons
 WHERE seq.oid = dep.objid
 AND seq.relkind = 'S'
 AND attr.attrelid = dep.refobjid
 AND attr.attnum = dep.refobjsubid
 AND attr.attrelid = cons.conrelid
 AND attr.attnum = cons.conkey[1]
 AND cons.contype = 'p'
 AND dep.refobjid = '"filters_products"'::regclass

  PK and custom sequence (1.6ms)   SELECT attr.attname,
 CASE
 WHEN split_part(def.adsrc, '''', 2) ~ '.' THEN
 substr(split_part(def.adsrc, '''', 2),
 strpos(split_part(def.adsrc, '''', 2), '.')+1)
 ELSE split_part(def.adsrc, '''', 2)
 END
 FROM pg_class t
 JOIN pg_attribute attr ON (t.oid = attrelid)
 JOIN pg_attrdef def ON (adrelid = attrelid AND adnum = attnum)
 JOIN pg_constraint cons ON (conrelid = adrelid AND adnum = conkey[1])
 WHERE t.oid = '"filters_products"'::regclass
 AND cons.contype = 'p'
 AND def.adsrc ~* 'nextval'
  PK and serial sequence (6.5ms)   SELECT attr.attname, seq.relname
 FROM pg_class seq,
 pg_attribute attr,
 pg_depend dep,
 pg_namespace name,
 pg_constraint cons
 WHERE seq.oid = dep.objid
 AND seq.relkind = 'S'
 AND attr.attrelid = dep.refobjid
 AND attr.attnum = dep.refobjsubid
 AND attr.attrelid = cons.conrelid
 AND attr.attnum = cons.conkey[1]
 AND cons.contype = 'p'
 AND dep.refobjid = '"environment_priors"'::regclass

  PK and custom sequence (1.3ms)   SELECT attr.attname,
 CASE
 WHEN split_part(def.adsrc, '''', 2) ~ '.' THEN
 substr(split_part(def.adsrc, '''', 2),
 strpos(split_part(def.adsrc, '''', 2), '.')+1)
 ELSE split_part(def.adsrc, '''', 2)
 END
 FROM pg_class t
 JOIN pg_attribute attr ON (t.oid = attrelid)
 JOIN pg_attrdef def ON (adrelid = attrelid AND adnum = attnum)
 JOIN pg_constraint cons ON (conrelid = adrelid AND adnum = conkey[1])
 WHERE t.oid = '"environment_priors"'::regclass
 AND cons.contype = 'p'
 AND def.adsrc ~* 'nextval'
  PK and serial sequence (5.3ms)   SELECT attr.attname, seq.relname
 FROM pg_class seq,
 pg_attribute attr,
 pg_depend dep,
 pg_namespace name,
 pg_constraint cons
 WHERE seq.oid = dep.objid
 AND seq.relkind = 'S'
 AND attr.attrelid = dep.refobjid
 AND attr.attnum = dep.refobjsubid
 AND attr.attrelid = cons.conrelid
 AND attr.attnum = cons.conkey[1]
 AND cons.contype = 'p'
 AND dep.refobjid = '"environment_priors"'::regclass

  PK and custom sequence (1.3ms)   SELECT attr.attname,
 CASE
 WHEN split_part(def.adsrc, '''', 2) ~ '.' THEN
 substr(split_part(def.adsrc, '''', 2),
 strpos(split_part(def.adsrc, '''', 2), '.')+1)
 ELSE split_part(def.adsrc, '''', 2)
 END
 FROM pg_class t
 JOIN pg_attribute attr ON (t.oid = attrelid)
 JOIN pg_attrdef def ON (adrelid = attrelid AND adnum = attnum)
 JOIN pg_constraint cons ON (conrelid = adrelid AND adnum = conkey[1])
 WHERE t.oid = '"environment_priors"'::regclass
 AND cons.contype = 'p'
 AND def.adsrc ~* 'nextval'
  PK and serial sequence (2.4ms)   SELECT attr.attname, seq.relname
 FROM pg_class seq,
 pg_attribute attr,
 pg_depend dep,
 pg_namespace name,
 pg_constraint cons
 WHERE seq.oid = dep.objid
 AND seq.relkind = 'S'
 AND attr.attrelid = dep.refobjid
 AND attr.attnum = dep.refobjsubid
 AND attr.attrelid = cons.conrelid
 AND attr.attnum = cons.conkey[1]
 AND cons.contype = 'p'
 AND dep.refobjid = '"filters_products"'::regclass

  PK and custom sequence (1.2ms)   SELECT attr.attname,
 CASE
 WHEN split_part(def.adsrc, '''', 2) ~ '.' THEN
 substr(split_part(def.adsrc, '''', 2),
 strpos(split_part(def.adsrc, '''', 2), '.')+1)
 ELSE split_part(def.adsrc, '''', 2)
 END
 FROM pg_class t
 JOIN pg_attribute attr ON (t.oid = attrelid)
 JOIN pg_attrdef def ON (adrelid = attrelid AND adnum = attnum)
 JOIN pg_constraint cons ON (conrelid = adrelid AND adnum = conkey[1])
 WHERE t.oid = '"filters_products"'::regclass
 AND cons.contype = 'p'
 AND def.adsrc ~* 'nextval'
  PK and serial sequence (4.0ms)   SELECT attr.attname, seq.relname
 FROM pg_class seq,
 pg_attribute attr,
 pg_depend dep,
 pg_namespace name,
 pg_constraint cons
 WHERE seq.oid = dep.objid
 AND seq.relkind = 'S'
 AND attr.attrelid = dep.refobjid
 AND attr.attnum = dep.refobjsubid
 AND attr.attrelid = cons.conrelid
 AND attr.attnum = cons.conkey[1]
 AND cons.contype = 'p'
 AND dep.refobjid = '"changesets_products"'::regclass

  PK and custom sequence (1.5ms)   SELECT attr.attname,
 CASE
 WHEN split_part(def.adsrc, '''', 2) ~ '.' THEN
 substr(split_part(def.adsrc, '''', 2),
 strpos(split_part(def.adsrc, '''', 2), '.')+1)
 ELSE split_part(def.adsrc, '''', 2)
 END
 FROM pg_class t
 JOIN pg_attribute attr ON (t.oid = attrelid)
 JOIN pg_attrdef def ON (adrelid = attrelid AND adnum = attnum)
 JOIN pg_constraint cons ON (conrelid = adrelid AND adnum = conkey[1])
 WHERE t.oid = '"changesets_products"'::regclass
 AND cons.contype = 'p'
 AND def.adsrc ~* 'nextval'
  SQL (2.4ms)   SELECT tablename
 FROM pg_tables
 WHERE schemaname = ANY (current_schemas(false))

  SQL (1.0ms)   SELECT a.attname, format_type(a.atttypid, a.atttypmod), d.adsrc, a.attnotnull
 FROM pg_attribute a LEFT JOIN pg_attrdef d
 ON a.attrelid = d.adrelid AND a.attnum = d.adnum
 WHERE a.attrelid = '"organizations"'::regclass
 AND a.attnum > 0 AND NOT a.attisdropped
 ORDER BY a.attnum
  PK and serial sequence (5.1ms)   SELECT attr.attname, seq.relname
 FROM pg_class seq,
 pg_attribute attr,
 pg_depend dep,
 pg_namespace name,
 pg_constraint cons
 WHERE seq.oid = dep.objid
 AND seq.relkind = 'S'
 AND attr.attrelid = dep.refobjid
 AND attr.attnum = dep.refobjsubid
 AND attr.attrelid = cons.conrelid
 AND attr.attnum = cons.conkey[1]
 AND cons.contype = 'p'
 AND dep.refobjid = '"permissions_verbs"'::regclass

  PK and custom sequence (1.3ms)   SELECT attr.attname,
 CASE
 WHEN split_part(def.adsrc, '''', 2) ~ '.' THEN
 substr(split_part(def.adsrc, '''', 2),
 strpos(split_part(def.adsrc, '''', 2), '.')+1)
 ELSE split_part(def.adsrc, '''', 2)
 END
 FROM pg_class t
 JOIN pg_attribute attr ON (t.oid = attrelid)
 JOIN pg_attrdef def ON (adrelid = attrelid AND adnum = attnum)
 JOIN pg_constraint cons ON (conrelid = adrelid AND adnum = conkey[1])
 WHERE t.oid = '"permissions_verbs"'::regclass
 AND cons.contype = 'p'
 AND def.adsrc ~* 'nextval'
  SQL (2.3ms)   SELECT a.attname, format_type(a.atttypid, a.atttypmod), d.adsrc, a.attnotnull
 FROM pg_attribute a LEFT JOIN pg_attrdef d
 ON a.attrelid = d.adrelid AND a.attnum = d.adnum
 WHERE a.attrelid = '"providers"'::regclass
 AND a.attnum > 0 AND NOT a.attisdropped
 ORDER BY a.attnum

  PK and serial sequence (2.4ms)   SELECT attr.attname, seq.relname
 FROM pg_class seq,
 pg_attribute attr,
 pg_depend dep,
 pg_namespace name,
 pg_constraint cons
 WHERE seq.oid = dep.objid
 AND seq.relkind = 'S'
 AND attr.attrelid = dep.refobjid
 AND attr.attnum = dep.refobjsubid
 AND attr.attrelid = cons.conrelid
 AND attr.attnum = cons.conkey[1]
 AND cons.contype = 'p'
 AND dep.refobjid = '"changesets_repositories"'::regclass
  PK and custom sequence (1.3ms)   SELECT attr.attname,
 CASE
 WHEN split_part(def.adsrc, '''', 2) ~ '.' THEN
 substr(split_part(def.adsrc, '''', 2),
 strpos(split_part(def.adsrc, '''', 2), '.')+1)
 ELSE split_part(def.adsrc, '''', 2)
 END
 FROM pg_class t
 JOIN pg_attribute attr ON (t.oid = attrelid)
 JOIN pg_attrdef def ON (adrelid = attrelid AND adnum = attnum)
 JOIN pg_constraint cons ON (conrelid = adrelid AND adnum = conkey[1])
 WHERE t.oid = '"changesets_repositories"'::regclass
 AND cons.contype = 'p'
 AND def.adsrc ~* 'nextval'

  PK and serial sequence (2.1ms)   SELECT attr.attname, seq.relname
 FROM pg_class seq,
 pg_attribute attr,
 pg_depend dep,
 pg_namespace name,
 pg_constraint cons
 WHERE seq.oid = dep.objid
 AND seq.relkind = 'S'
 AND attr.attrelid = dep.refobjid
 AND attr.attnum = dep.refobjsubid
 AND attr.attrelid = cons.conrelid
 AND attr.attnum = cons.conkey[1]
 AND cons.contype = 'p'
 AND dep.refobjid = '"changesets_system_templates"'::regclass
  PK and custom sequence (1.2ms)   SELECT attr.attname,
 CASE
 WHEN split_part(def.adsrc, '''', 2) ~ '.' THEN
 substr(split_part(def.adsrc, '''', 2),
 strpos(split_part(def.adsrc, '''', 2), '.')+1)
 ELSE split_part(def.adsrc, '''', 2)
 END
 FROM pg_class t
 JOIN pg_attribute attr ON (t.oid = attrelid)
 JOIN pg_attrdef def ON (adrelid = attrelid AND adnum = attnum)
 JOIN pg_constraint cons ON (conrelid = adrelid AND adnum = conkey[1])
 WHERE t.oid = '"changesets_system_templates"'::regclass
 AND cons.contype = 'p'
 AND def.adsrc ~* 'nextval'

  PK and serial sequence (4.6ms)   SELECT attr.attname, seq.relname
 FROM pg_class seq,
 pg_attribute attr,
 pg_depend dep,
 pg_namespace name,
 pg_constraint cons
 WHERE seq.oid = dep.objid
 AND seq.relkind = 'S'
 AND attr.attrelid = dep.refobjid
 AND attr.attnum = dep.refobjsubid
 AND attr.attrelid = cons.conrelid
 AND attr.attnum = cons.conkey[1]
 AND cons.contype = 'p'
 AND dep.refobjid = '"products_system_templates"'::regclass
  PK and custom sequence (1.3ms)   SELECT attr.attname,
 CASE
 WHEN split_part(def.adsrc, '''', 2) ~ '.' THEN
 substr(split_part(def.adsrc, '''', 2),
 strpos(split_part(def.adsrc, '''', 2), '.')+1)
 ELSE split_part(def.adsrc, '''', 2)
 END
 FROM pg_class t
 JOIN pg_attribute attr ON (t.oid = attrelid)
 JOIN pg_attrdef def ON (adrelid = attrelid AND adnum = attnum)
 JOIN pg_constraint cons ON (conrelid = adrelid AND adnum = conkey[1])
 WHERE t.oid = '"products_system_templates"'::regclass
 AND cons.contype = 'p'
 AND def.adsrc ~* 'nextval'

  SQL (3.8ms)   SELECT a.attname, format_type(a.atttypid, a.atttypmod), d.adsrc, a.attnotnull
 FROM pg_attribute a LEFT JOIN pg_attrdef d
 ON a.attrelid = d.adrelid AND a.attnum = d.adnum
 WHERE a.attrelid = '"users"'::regclass
 AND a.attnum > 0 AND NOT a.attisdropped
 ORDER BY a.attnum
  PK and serial sequence (5.4ms)   SELECT attr.attname, seq.relname
 FROM pg_class seq,
 pg_attribute attr,
 pg_depend dep,
 pg_namespace name,
 pg_constraint cons
 WHERE seq.oid = dep.objid
 AND seq.relkind = 'S'
 AND attr.attrelid = dep.refobjid
 AND attr.attnum = dep.refobjsubid
 AND attr.attrelid = cons.conrelid
 AND attr.attnum = cons.conkey[1]
 AND cons.contype = 'p'
 AND dep.refobjid = '"permissions_verbs"'::regclass

  PK and custom sequence (1.4ms)   SELECT attr.attname,
 CASE
 WHEN split_part(def.adsrc, '''', 2) ~ '.' THEN
 substr(split_part(def.adsrc, '''', 2),
 strpos(split_part(def.adsrc, '''', 2), '.')+1)
 ELSE split_part(def.adsrc, '''', 2)
 END
 FROM pg_class t
 JOIN pg_attribute attr ON (t.oid = attrelid)
 JOIN pg_attrdef def ON (adrelid = attrelid AND adnum = attnum)
 JOIN pg_constraint cons ON (conrelid = adrelid AND adnum = conkey[1])
 WHERE t.oid = '"permissions_verbs"'::regclass
 AND cons.contype = 'p'
 AND def.adsrc ~* 'nextval'
Resource GET request: /candlepin/status
Headers: {}
Body: {}
Processing response: 200
{"version":"0.5.8","result":true,"standalone":true,"release":"1"}

Warning: Incorrect version , Expected 0.5.10-1, got 0.5.8-1



Started POST "/katello/api/consumers/" for 10.16.120.164 at Tue Jan 24 11:19:07 -0500 2012
  Processing by Api::SystemsController#create as JSON
  Parameters: {"facts"=>{"dmi.bios.relase_date"=>"01/01/2007", "net.interface.lo.ipaddr"=>"127.0.0.1", "network.hostname"=>"10-16-120-164.dhcp.rhq.lab.eng.bos.redhat.com", "cpu.hypervisor_vendor"=>"KVM", "system.entitlements_valid"=>false, "dmi.memory.type"=>"RAM", "dmi.bios.address"=>"0xe8000", "dmi.bios.runtime_size"=>"96 KB", "distribution.id"=>"Santiago", "dmi.memory.maximum_capacity"=>"2 GB", "dmi.chassis.asset_tag"=>"Not Specified", "dmi.memory.bank_locator"=>"Not Specified", "cpu.virtualization_type"=>"full", "net.interface.eth0.hwaddr"=>"52:54:00:81:85:8a", "dmi.system.wake-up_type"=>"Power Switch", "dmi.chassis.boot-up_state"=>"Safe", "distribution.name"=>"Red Hat Enterprise Linux Server", "cpu.thread(s)_per_core"=>"1", "dmi.chassis.manufacturer"=>"Red Hat", "dmi.bios.bios_revision"=>"1.0", "dmi.chassis.version"=>"Not Specified", "distribution.version"=>"6.1", "uname.version"=>"#1 SMP Tue May 10 15:42:40 EDT 2011", "net.interface.lo.hwaddr"=>"00:00:00:00:00:00", "dmi.bios.vendor"=>"Seabios", "dmi.memory.error_correction_type"=>"Multi-bit ECC", "dmi.memory.locator"=>"DIMM 0", "dmi.system.manufacturer"=>"Red Hat", "dmi.chassis.serial_number"=>"Not Specified", "dmi.bios.rom_size"=>"64 KB", "cpu.stepping"=>"3", "uname.release"=>"2.6.32-131.0.15.el6.x86_64", "dmi.system.uuid"=>"0268218e-241e-2312-fd30-fb3a84731fee", "dmi.memory.array_handle"=>"0x1000", "cpu.cpu_op-mode(s)"=>"32-bit, 64-bit", "net.interface.eth0.netmask"=>"255.255.255.0", "dmi.memory.data_width"=>"64 bit", "memory.swaptotal"=>"6160376", "net.interface.lo.broadcast"=>"0.0.0.0", "dmi.chassis.lock"=>"Not Present", "cpu.cpu_mhz"=>"2133.266", "dmi.memory.speed"=>"  (ns)", "uname.machine"=>"x86_64", "dmi.memory.form_factor"=>"DIMM", "dmi.memory.total_width"=>"64 bit", "cpu.l1d_cache"=>"32K", "virt.is_guest"=>true, "cpu.cpu(s)"=>"1", "net.interface.lo.netmask"=>"255.0.0.0", "net.interface.eth0.broadcast"=>"10.16.120.255", "dmi.memory.error_information_handle"=>"Not Provided", "cpu.architecture"=>"x86_64", "cpu.vendor_id"=>"GenuineIntel", "dmi.processor.upgrade"=>"Other", "dmi.system.sku_number"=>"Not Specified", "cpu.bogomips"=>"4266.53", "dmi.memory.location"=>"Other", "dmi.chassis.thermal_state"=>"Safe", "cpu.l2_cache"=>"4096K", "dmi.system.serial_number"=>"Not Specified", "cpu.cpu_socket(s)"=>"1", "dmi.processor.voltage"=>" ", "uname.sysname"=>"Linux", "dmi.system.family"=>"Red Hat Enterprise Linux", "cpu.model"=>"13", "uname.nodename"=>"10-16-120-164.dhcp.rhq.lab.eng.bos.redhat.com", "dmi.processor.version"=>"Not Specified", "dmi.chassis.power_supply_state"=>"Safe", "dmi.memory.use"=>"System Memory", "dmi.system.version"=>"RHEL 6.1.0 PC", "memory.memtotal"=>"2055976", "cpu.on-line_cpu(s)_list"=>"0", "dmi.bios.version"=>"0.5.1", "dmi.system.status"=>"No errors detected", "cpu.numa_node(s)"=>"1", "dmi.chassis.security_status"=>"Unknown", "virt.host_type"=>"kvm", "cpu.l1i_cache"=>"32K", "dmi.system.product_name"=>"KVM", "dmi.chassis.type"=>"Other", "net.interface.eth0.ipaddr"=>"10.16.120.164", "dmi.processor.type"=>"Central Processor", "dmi.processor.socket_designation"=>"CPU 1", "cpu.byte_order"=>"Little Endian", "dmi.processor.status"=>"Populated:Enabled", "cpu.numa_node0_cpu(s)"=>"0", "cpu.core(s)_per_socket"=>"1", "dmi.memory.size"=>"2048 MB", "network.ipaddr"=>"10.16.120.164", "dmi.processor.family"=>"Other", "cpu.cpu_family"=>"6"}, "name"=>"10-16-120-164.dhcp.rhq.lab.eng.bos.redhat.com", "type"=>"system", "owner"=>"default"}
Setting locale: en
Warden is authenticating Bloomberg against database
  SQL (1.2ms)   SELECT a.attname, format_type(a.atttypid, a.atttypmod), d.adsrc, a.attnotnull
 FROM pg_attribute a LEFT JOIN pg_attrdef d
 ON a.attrelid = d.adrelid AND a.attnum = d.adnum
 WHERE a.attrelid = '"users"'::regclass
 AND a.attnum > 0 AND NOT a.attisdropped
 ORDER BY a.attnum

  User Load (0.8ms)  SELECT "users".* FROM "users" WHERE "users"."username" = 'Bloomberg' LIMIT 1
  SQL (0.7ms)   SELECT a.attname, format_type(a.atttypid, a.atttypmod), d.adsrc, a.attnotnull
 FROM pg_attribute a LEFT JOIN pg_attrdef d
 ON a.attrelid = d.adrelid AND a.attnum = d.adnum
 WHERE a.attrelid = '"users"'::regclass
 AND a.attnum > 0 AND NOT a.attisdropped
 ORDER BY a.attnum

Completed   in 23ms
  Processing by FailedAuthenticationController#unauthenticated_api as JSON
  Parameters: {"facts"=>{"dmi.bios.relase_date"=>"01/01/2007", "net.interface.lo.ipaddr"=>"127.0.0.1", "network.hostname"=>"10-16-120-164.dhcp.rhq.lab.eng.bos.redhat.com", "cpu.hypervisor_vendor"=>"KVM", "system.entitlements_valid"=>false, "dmi.memory.type"=>"RAM", "dmi.bios.address"=>"0xe8000", "dmi.bios.runtime_size"=>"96 KB", "distribution.id"=>"Santiago", "dmi.memory.maximum_capacity"=>"2 GB", "dmi.chassis.asset_tag"=>"Not Specified", "dmi.memory.bank_locator"=>"Not Specified", "cpu.virtualization_type"=>"full", "net.interface.eth0.hwaddr"=>"52:54:00:81:85:8a", "dmi.system.wake-up_type"=>"Power Switch", "dmi.chassis.boot-up_state"=>"Safe", "distribution.name"=>"Red Hat Enterprise Linux Server", "cpu.thread(s)_per_core"=>"1", "dmi.chassis.manufacturer"=>"Red Hat", "dmi.bios.bios_revision"=>"1.0", "dmi.chassis.version"=>"Not Specified", "distribution.version"=>"6.1", "uname.version"=>"#1 SMP Tue May 10 15:42:40 EDT 2011", "net.interface.lo.hwaddr"=>"00:00:00:00:00:00", "dmi.bios.vendor"=>"Seabios", "dmi.memory.error_correction_type"=>"Multi-bit ECC", "dmi.memory.locator"=>"DIMM 0", "dmi.system.manufacturer"=>"Red Hat", "dmi.chassis.serial_number"=>"Not Specified", "dmi.bios.rom_size"=>"64 KB", "cpu.stepping"=>"3", "uname.release"=>"2.6.32-131.0.15.el6.x86_64", "dmi.system.uuid"=>"0268218e-241e-2312-fd30-fb3a84731fee", "dmi.memory.array_handle"=>"0x1000", "cpu.cpu_op-mode(s)"=>"32-bit, 64-bit", "net.interface.eth0.netmask"=>"255.255.255.0", "dmi.memory.data_width"=>"64 bit", "memory.swaptotal"=>"6160376", "net.interface.lo.broadcast"=>"0.0.0.0", "dmi.chassis.lock"=>"Not Present", "cpu.cpu_mhz"=>"2133.266", "dmi.memory.speed"=>"  (ns)", "uname.machine"=>"x86_64", "dmi.memory.form_factor"=>"DIMM", "dmi.memory.total_width"=>"64 bit", "cpu.l1d_cache"=>"32K", "virt.is_guest"=>true, "cpu.cpu(s)"=>"1", "net.interface.lo.netmask"=>"255.0.0.0", "net.interface.eth0.broadcast"=>"10.16.120.255", "dmi.memory.error_information_handle"=>"Not Provided", "cpu.architecture"=>"x86_64", "cpu.vendor_id"=>"GenuineIntel", "dmi.processor.upgrade"=>"Other", "dmi.system.sku_number"=>"Not Specified", "cpu.bogomips"=>"4266.53", "dmi.memory.location"=>"Other", "dmi.chassis.thermal_state"=>"Safe", "cpu.l2_cache"=>"4096K", "dmi.system.serial_number"=>"Not Specified", "cpu.cpu_socket(s)"=>"1", "dmi.processor.voltage"=>" ", "uname.sysname"=>"Linux", "dmi.system.family"=>"Red Hat Enterprise Linux", "cpu.model"=>"13", "uname.nodename"=>"10-16-120-164.dhcp.rhq.lab.eng.bos.redhat.com", "dmi.processor.version"=>"Not Specified", "dmi.chassis.power_supply_state"=>"Safe", "dmi.memory.use"=>"System Memory", "dmi.system.version"=>"RHEL 6.1.0 PC", "memory.memtotal"=>"2055976", "cpu.on-line_cpu(s)_list"=>"0", "dmi.bios.version"=>"0.5.1", "dmi.system.status"=>"No errors detected", "cpu.numa_node(s)"=>"1", "dmi.chassis.security_status"=>"Unknown", "virt.host_type"=>"kvm", "cpu.l1i_cache"=>"32K", "dmi.system.product_name"=>"KVM", "dmi.chassis.type"=>"Other", "net.interface.eth0.ipaddr"=>"10.16.120.164", "dmi.processor.type"=>"Central Processor", "dmi.processor.socket_designation"=>"CPU 1", "cpu.byte_order"=>"Little Endian", "dmi.processor.status"=>"Populated:Enabled", "cpu.numa_node0_cpu(s)"=>"0", "cpu.core(s)_per_socket"=>"1", "dmi.memory.size"=>"2048 MB", "network.ipaddr"=>"10.16.120.164", "dmi.processor.family"=>"Other", "cpu.cpu_family"=>"6"}, "name"=>"10-16-120-164.dhcp.rhq.lab.eng.bos.redhat.com", "auth_username"=>"Bloomberg", "type"=>"system", "auth_password"=>"[FILTERED]", "owner"=>"default"}
Request is unauthenticated_api for 127.0.0.1
Completed 401 Unauthorized in 2ms (Views: 1.6ms | ActiveRecord: 105.4ms)


Started GET "/katello/notices/get_new?_=1327421992848" for 10.11.230.241 at Tue Jan 24 11:19:47 -0500 2012
  Processing by NoticesController#get_new as JSON
  Parameters: {"_"=>"1327421992848"}
  User Load (0.7ms)  SELECT "users".* FROM "users" WHERE "users"."id" = 1 LIMIT 1
Setting locale: en
Setting current user thread-local variable to admin
  Notice Load (0.5ms)  SELECT notices.id, text, level, request_type FROM "notices" INNER JOIN "user_notices" ON "user_notices"."notice_id" = "notices"."id" WHERE (user_notices.user_id = 1 AND user_notices.viewed = 'f')
  UserNotice Load (0.3ms)  SELECT "user_notices".* FROM "user_notices" WHERE ("user_notices".user_id = 1)
Setting current user thread-local variable to nil
Completed 200 OK in 8ms (Views: 0.5ms | ActiveRecord: 1.4ms)

Comment 13 Lukas Zapletal 2012-01-25 09:09:41 UTC

It's most likely a bug in rhsm - we are receiving two extra characters in the password string:

>>> tclmeSRS�" <<<

It's some kind of unique sequence concatenated with quotes. In ACSCII this is:

tclmeSRS\357\277\275\"

We can't do anything with it in katello. I will ask RHSM guys first, we will see what is wrong.

Comment 16 Ivan Necas 2012-01-25 10:36:21 UTC

Clue: the strange chars appear in password in case username is longer then 8 chars. e.g. user testtest should work, testtestt doesn't

Comment 18 Lukas Zapletal 2012-01-25 13:34:55 UTC

Okay so it turns out Apache httpd mangles Authorization http header for unknown reason! Rhsm sends this:

Authorization: Basic Qmxvb21iZXJnOnRjbG1lU1JT

but Apache adds ", Basic" to it:

Authorization: Basic Qmxvb21iZXJnOnRjbG1lU1JT, Basic

And Rails 3 decodes the header this way (https://github.com/rails/rails/blob/d65b76642637928f64c9aa092e305238eb3b6f4f/actionpack/lib/action_controller/metal/http_authentication.rb#L143):

>> Base64.decode64('Basic Qmxvb21iZXJnOnRjbG1lU1JT, Basic'.split(' ', 2).last || '')
=> "Bloomberg:tclmeSRS\005\253\""

And that's the issue. Now, the only question is - is it a bug in httpd or rails? Looks like we need to read the RFC in this case :-)

http://en.wikipedia.org/wiki/Basic_access_authentication

Comment 19 Lukas Zapletal 2012-01-25 13:59:42 UTC

So it looks like a httpd bug since either HTTP/1.0 or HTTP/1.1 does not support anything else than:

Authorization: Basic BASE64_ENCODED_STUFF

http://tools.ietf.org/html/rfc1945#section-11
http://tools.ietf.org/html/rfc2617#section-2

Comment 21 Ivan Necas 2012-01-25 14:11:22 UTC

There is this line in /etc/httpd/conf.d/pulp.conf comming with pulp rpm:

  RequestHeader append Authorization "Basic" early

This adds ", Basic" to our Authorization header. Removing this line seems to fix this issue.

Comment 22 Lukas Zapletal 2012-01-25 15:34:44 UTC

Ok Ivan recommends this in our puppet:

common::line { "don_not_touch_auth_headers":
    file => "/etc/httpd/conf.d/pulp.conf",
    line    => "RequestHeader append Authorization "Basic" early",
    before      => Class["pulp::service"],
    ensure => absent;
  }

But James points out it will break yum, because repo auth code wont work without this header. We will need to come out with a different solution.

Comment 23 Ivan Necas 2012-01-25 15:54:55 UTC

Maybe we could put that line into <Directory /var/www/pub/repos>, so that no other path's would be affected. James?

Comment 24 Lukas Zapletal 2012-01-25 16:26:38 UTC

Filed a BZ for that: https://bugzilla.redhat.com/show_bug.cgi?id=784638

Comment 25 Lukas Zapletal 2012-02-07 11:59:48 UTC

Fixed in Pulp build: 0.265

Comment 26 Og Maciel 2012-02-09 17:46:02 UTC

Validated on:

* katello-cli-common-0.1.44-2.el6.noarch
* katello-certs-tools-1.0.2-2.el6.noarch
* katello-glue-candlepin-0.1.222-2.el6.noarch
* katello-trusted-ssl-cert-1.0-1.noarch
* katello-glue-pulp-0.1.222-2.el6.noarch
* katello-all-0.1.222-2.el6.noarch
* katello-repos-0.1.5-1.el6.noarch
* katello-glue-foreman-0.1.222-2.el6.noarch
* katello-0.1.222-2.el6.noarch
* katello-configure-0.1.61-2.el6.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-cli-0.1.44-2.el6.noarch
* katello-common-0.1.222-2.el6.noarch
* katello-selinux-0.1.3-1.el6.noarch
* katello-httpd-ssl-key-pair-1.0-1.noarch
* pulp-common-0.0.265-1.el6.noarch
* pulp-0.0.265-1.el6.noarch
* katello-glue-candlepin-0.1.222-2.el6.noarch
* candlepin-tomcat6-0.5.16-1.el6.noarch
* candlepin-0.5.16-1.el6.noarch

Comment 28 Mike McCune 2013-08-16 17:58:26 UTC

getting rid of 6.0.0 version since that doesn't exist

Note You need to log in before you can comment on or make changes to this bug.